Hi Milan, On 13 January 2017 at 17:31, Ondrej Mosnáček <omosnacek@xxxxxxxxx> wrote: > 2017-01-13 11:41 GMT+01:00 Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>: >> On Thu, Jan 12, 2017 at 01:59:52PM +0100, Ondrej Mosnacek wrote: >>> the goal of this patchset is to allow those skcipher API users that need to >>> process batches of small messages (especially dm-crypt) to do so efficiently. >> >> Please explain why this can't be done with the existing framework >> using IV generators similar to the ones used for IPsec. > > As I already mentioned in another thread, there are basically two reasons: > > 1) Milan would like to add authenticated encryption support to > dm-crypt (see [1]) and as part of this change, a new random IV mode > would be introduced. This mode generates a random IV for each sector > write, includes it in the authenticated data and stores it in the > sector's metadata (in a separate part of the disk). In this case > dm-crypt will need to have control over the IV generation (or at least > be able to somehow retrieve it after the crypto operation... but > passing RNG responsibility to drivers doesn't seem to be a good idea > anyway). > > 2) With this API, drivers wouldn't have to provide implementations for > specific IV generation modes, and just implement bulk requests for the > common modes/algorithms (XTS, CBC, ...) while still getting > performance benefit. I just sent out v3 for the dm-crypt changes I was working on. I came across your patches for authenticated encryption support. Although I haven't looked at it entirely, I was wondering how it could be put together including the points Ondrej was mentioning. Will look at it more. Please keep me in cc when you send out the next revision if that is possible. Thanks, Binoy -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html